[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: pf.conf question
- From: Sam Vaughan <yamaneko_(_at_)_centurytel_(_dot_)_net>
- Date: Fri, 15 Feb 2002 02:05:31 -0500
I have a small question about one of the examples in the pf.conf man page.
From the EXAMPLE section:
# block and log everything by default
block out log on $ext_if all
block in log on $ext_if all
block return-rst out log on $ext_if proto tcp all
block return-rst in log on $ext_if proto tcp all
block return-icmp out log on $ext_if proto udp all
block return-icmp in log on $ext_if proto udp all
I just want to make sure I am understanding the above correctly.
The first two rules block everything. So why are the next 4 needed?
My assumption is that they are helpful in reading the pflog log output.
(IE you know that it was rule 5 that got blocked)
What are the advantages of logging separately the return-rst and